2 matches found
CVE-2025-27092
GHOSTS is an open source user simulation framework for cyber experimentation, simulation, training, and exercise. A path traversal vulnerability was discovered in GHOSTS version 8.0.0.0 that allows an attacker to access files outside of the intended directory through the photo retrieval endpoint...
CVE-2025-27092
CVE-2025-27092 affects the GHOSTS framework. A path traversal flaw exists in the photo retrieval endpoint at /api/npcs/{id}/photo, where crafted photoLink values can cause directory traversal and expose files outside the intended photo directory. Affected versions are 8.0.0.0 up to 8.2.7.89. The ...